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(54) Multiple virtual router 



(57) A multiple virtual router is a subsystem that al- 
lows multiple network layer protocols (i.e. IP, IPX and 
Bridging protocols) to co-exist on the same physical port 
14. It provides a common set of interfaces between the 
Media Layer and the protocol processes. Media events 
or changes in the protocol port (i.e. port deletion, media 
deregistration, media registration, media state change, 
media mtu change, connectionless routing metric 
change, etc.) may be broadcast to each protocol giving 
them an accurate view of the system. 



A multiple virtual router is disclosed which includes 
a housing and multiple routing modules distributed 
therein. A separate table is associated with each proto- 
col within each routing module. The multiple virtual rout- 
er also includes a management module for configuring 
the routing modules. Communications between the 
management module and the routing modules occurs 
out of band from the user traffic. Further, the housing 
may have multiple ports each of which is logically cou- 
pleable to different routing modules. 
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Description 

[0001] The invention relates generally to the field of 
routers and more particularly, to a single device having 
multiple independent router modules therein. 
[0002] With the growing popularity of the Internet and 
with the growing popularity of networks in general, there 
is a trend towards centralized network services and cen- 
tralized network service providers. To be profitable, 
however, network service providers need to constantly 
maintain and if possible enlarge their customer base 
and their profits. However, leased line services are com- 
ing under increased competition causing profit margins 
to decrease for these providers. Thus, an increased 
number of providers are trying to attract small and me- 
dium sized businesses by providing centralized network 
management. Part of this network management should 
be that the service is provided from a centralized, secure 
network facility. There has been difficulty providing this 
service, however, due to address conflicts, security 
problems and costly upgrade requirements to customer 
premise equipment. Historical independent network de- 
velopment has resulted in conflicting and overlapping 
address space between the individual networks and the 
management networks. 

[0003] Others have attempted to solve these prob- 
lems by using encapsulating techniques, such as inter- 
net protocol (IP) tunneling, to separate network traffic 
from unrelated networks. This method, however, suffers 
from many of the same problems. Inter-network security 
can not be guaranteed in IP tunneling as it relies upon 
customer premise equipment to be correctly configured. 
These encapsulating techniques also require upgrading 
the customer premise equipment to be compatible with 
the IP tunneling. Further, performance can be a problem 
since routing disturbances caused by one customer 
may affect the routing performance of another custom- 
er's network. 

[0004] Accordingly there exists the need for a central- 
ized device which allows the implementation of separate 
networks over common infrastructure while providing 
security and performance to each network without the 
need to upgrade customer premise equipment. 
[0005] The need also exists for such a device which 
is smaller and cheaper than multiple separate routers 
yet easily managed. 

[0006] The need also exists for such a device which 
prevents unauthorized users on any of the networks 
from reconfiguring or otherwise managing the device. 
[0007] The need also exists for such a device having 
the ability to provide different quality of service to differ- 
ent networks. 

[0008] It is an object of the present invention to pro- 
vide a device which substantially fulfills at least one of 
the above needs. 

[0009] This and other objects of the invention will be- 
come apparent to those skilled in the art from the follow- 
ing description thereof. 



[001 0] It has now been discovered that the above and 
other objects may be accomplished by embodiments of 
the present multiple virtual router described herein. The 
invention includes a housing having at least one physi- 

s cal port. It also includes multiple routing modules dis- 
posed within the housing. A first of the routing modules 
has a first routing table associated therewith, while a 
second routing module has a second routing table as- 
sociated therewith. The physical port may be logically 

10 connectable to both the first and the second routing 
modules. 

[0011] In one embodiment, the invention may include 
a management router module capable of selectively 
communicating with and configuring each of the routing 
is modules. The management module may be capable of 
doing this communication and configuration out-of- 
band from normal user traffic. 

[0012] The invention will next be described in connec- 
tion with certain illustrated embodiments; however, it 
20 should be clear to those skilled in the art that various 
modifications, additions and subtractions can be made 
without departing from the scope of the claims. 
[001 3] For a fuller understanding of the nature and ob- 
jects of the invention, reference should be made to the 
25 following detailed description and accompanying draw- 
ings, in which: 

FIG. 1 depicts a block diagram of the preferred em- 
bodiment of a multiple virtual router in accordance 
30 with the invention; 

FIG. 2 depicts the embodiment of FIG. 1 showing a 
management module connected to multiple routing 
modules; 

FIG. 3 depicts a possible configuration of multiple 
35 virtual routers in accordance with embodiments of 
the present invention, being utilized by multiple net- 
works using different protocols. 

[001 4] A multiple virtual router is a subsystem that al- 
40 lows multiple network layer protocols (i.e. IP, IPX and 
Bridging protocols) to co-exist on the same physical port 
14. It provides a common set of interfaces between the 
Media Layer and the protocol processes. Media events 
or changes in the protocol port (i.e. port deletion, media 
45 deregistration, media registration, media state change, 
media mtu change, connectionless routing metric 
change, etc.) may be broadcast to each protocol giving 
them an accurate view of the system. 
[0015] A multiple virtual router is disclosed which in- 
so eludes a housing and multiple routing modules distrib- 
uted therein. A separate table is associated with each 
protocol within each routing module. The multiple virtual 
router also includes a management module for config- 
uring the routing modules. Communications between 
55 the management module and the routing modules oc- 
curs out of band from the user traffic. Further, the hous- 
ing has multiple ports each of which is logically couple- 
able to different routing modules. 
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[0016] Multiple virtual routers maintain a set of logical 
network interfaces 16 mapped to the physical ports 14 
(i.e. DS3 frame relay ports) that allow a protocol to for- 
ward packets between different media, such as local ar- 
ea networks (i.e. Fddi, Ethernet, and Token Ring) and 
wide area networks (i.e. FrDte, X25Dte, and Ppp). The 
logical ports (i.e. DLCI on the frame relay port) are dis- 
tributed to each logical processor and updated by a for- 
warding agent. The forwarding agent is used to provide 
current information about the node and physical inter- 
faces 14 to the routing modules 12 so that forwarding 
decisions can be readily made. 
[001 7] Each physical port 1 4 may contain information 
about the media and data used by the protocol to for- 
ward packets to that physical port 14. The media specific 
portion is sent by media applications when they register 
with the multiple virtual router. Similarly the protocol data 
is specified by the protocol when it registers with the 
multiple virtual router. 

[0018] FIG. 1 is an illustration of an embodiment of 
the invention including various multi-protocol router 
modules 12 disposed within a common housing 10. 
Those skilled in the art will recognize that while FIG. 1 
illustrates these routing modules 12 as being entirely 
disjoint, it is possible to connect some or all of them to- 
gether without departing from the scope of the invention. 
The housing 10 has at least one physical port 14 which 
may be selectively, logically connected to various ones 
of the router modules 1 2 as represented by logical con- 
nections 16 (interfaces). While FIG. 1 illustrates only 
one physical port 14 and two routing modules 12, those 
skilled in the art will recognize that more than two routing 
modules 12 and/or more than one physical port 14 may 
be employed. Further, a particular physical port 14 may 
be selectively, logically connected/connectable to (i) 
one router module 12, (ii) multiple router modules 12, or 
(iii) all of the available router modules 12. With certain 
exceptions which will become evident from this disclo- 
sure, the routing modules 12 perform the same as con- 
ventional routers. 

[0019] The routing modules 12 may be assigned dif- 
ferent priorities for performing certain tasks. For exam- 
ple, assigning one routing module 12 a higher priority 
route calculation (i.e. the recalculation of forwarding in- 
formation upon receiving routing update/changes from 
other nodes) and forwarding of data than another rout- 
ing module 12 enables the higher priority routing module 
12 to route traffic received on the links 16 to that routing 
module 1 2 at a higher priority than traffic on lower priority 
routing modules 12. In this way, a high priority client 
could be provided a high priority virtual router and a low 
priority client could be assigned a lower priority virtual 
router. In addition, routing table updates, and routing 
processing may be prioritized as well. This prioritization 
would give the service provider the opportunity to offer 
different services and charge different rates for different 
clients. 

[0020] A multiple virtual router may also include a 



management router module 18 as illustrated in FIG. 2. 
The management router module 1 B allows configuration 
and diagnostic access to the router modules 1 2 in a se- 
cure manner which may be out-of-band with normal user 

s traffic as shown by connections 20. Connections 20 may 
be a bus, point to point connections or simply logical 
connections. The management router module 18 may 
enable a management network to access each individ- 
ual router module 1 2 in a particular multiple virtual router 

10 without being connected to each individual router mod- 
ule 12 (i.e. without the need for a full mesh interconnec- 
tion between the management network and each indi- 
vidual router module 12). Additionally, a management 
router module 1 8 could route management traffic to an- 

is other multiple virtual router if necessary. In this way, a 
variety of multiple virtual routers could be managed us- 
ing normal IP or IPX routing techniques. 
[0021] In today's IP and IPX networks, management 
of routers occurs in-band with user traffic. Thus great 

20 efforts must be expended to protect the management 
interface from illegitimate access by users of the net- 
work. Another concern is that the managing authority 
could be denied access to the router and a customer 
could be denied service. By providing a completely sep- 

25 arate management network (including a management 
router module 18) as embodiments of the present inven- 
tion can, the management authority can effectively con- 
figure and control the router network in a secure and 
consistent fashion without these typical security and ac- 

30 cessability concerns. One skilled in the art will recognize 
that it is possible to use conventional in-band manage- 
ment techniques with the present invention, however, 
then the management authority would still need to be 
concerned with the present security and accessability 

35 issues 

[0022] FIG. 3 illustrates a possible configuration of 
multiple virtual routers in operation. The virtual routers 
allow each protocol (i.e. IP and IPX) to share the same 
physical link. This gives each protocol access to a pri- 

40 vate virtual network. In the configuration illustrated in 
FIG. 3, network C is visible to network A through IPX's 
routing tables, just as networks D and E are visible to 
network B through IP's routing tables. To each protocol 
it appears as though it is the only protocol running on 

45 the network. The virtual routers isolate the protocols, but 
maintain connectivity to the media (i.e. the WAN) so that 
events are broadcast and status information is kept cur- 
rent. Those skilled in the art will realize that each router 
module 12 may be a multi-protocol router capable of 

so running multiple protocols concurrently. Since it is com- 
mon for one network to be running many protocols si- 
multaneously, the multiple virtual routers may provide 
isolation (i.e. independent address space and inde- 
pendent network routing updates for each network) be- 

55 tween different clients running the same or different 
routing protocols. 

[0023] It will thus be seen that the invention efficiently 
attains the objects set forth above, among those made 
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apparent from the preceding description. In particular, 
the invention provides multiple virtual routers. Those 
skilled in the art will appreciate that the configurations 
depicted in FIGS. 1 , 2 and 3 disclose centralized devices 
which allow the implementation of separate networks 
over common infrastructure while providing security and 
performance to each network without the need to up- 
grade customer premise equipment. 
[0024] It will be understood that changes may be 
made in the above construction and in the foregoing se- 
quences of operation without departing from the scope 
of the invention. It is accordingly intended that all matter 
contained in the above description or shown in the ac- 
companying drawings be interpreted as illustrative rath- 
er than in a limiting sense. 

Claims 

1. A multiple virtual router comprising: 

a port; 

a plurality of routing modules; 
a first table associated with a first of said plu- 
rality of routing modules; 
a second table associated with a second of said 
plurality of routing modules; 
wherein said port is logically coupleable to dif- 
ferent ones of said plurality of routing modules. 

2. A multiple virtual router as claimed in Claim 1 further 
comprising: 

a management routing module connectable 
to each of said plurality of routing modules and ca- 
pable of selectively communicating with and config- 
uring each of said plurality of routing modules. 

3. A multiple virtual router as claimed in Claim 2 
wherein communications between said manage- 
ment routing module and at least one of said plural- 
ity of routing modules takes place out-of-band from 
normal user traffic through said at least one of said 
plurality of routing modules. 

4. A multiple virtual router as claimed in claim 2 or 
claim 3 wherein said management routing module 
is configured to have a higher priority for communi- 
cating than said plurality of routing module. 

5. A multiple virtual router as claimed in any of the 
above claims wherein said first of said plurality of 
routing modules is assigned a higher priority for 
routing data than said second of said plurality of 
routing modules. 

6. A multiple virtual router as claimed in any of the 
above claims wherein said first table is updated on 
a higher priority basis than said second table. 



7. A multiple virtual router as claimed in any of the 
above claims wherein said first of said plurality of 
routing modules is configured to forward traffic at a 
higher priority than said second of said plurality of 

s routing modules. 

8. A multiple virtual router as claimed in any of the 
above claims comprising a plurality of ports and 
wherein each of said plurality of ports is logically 

10 connectable to each of said plurality of routing mod- 
ules. 

9. A multiple virtual router as claimed in any of claims 
2 to 4, or any of claims 5 to 8 when dependent upon 

is claim 2, wherein said management module is capa- 
ble of configuring at least two of said plurality of rout- 
ing modules for use by different networks. 

10. A multiple virtual router as claimed in claim 9 com- 
20 prising a plurality of ports; wherein at least one of 

said plurality of ports is logically coupled to each of 
said plurality of routing modules; and said manage- 
ment module is coupled to said at least one of said 
plurality of ports. 

25 

11. A multiple virtual router for routing communications 
between at least two networks employing a com- 
mon protocol, and having the ability to simultane- 
ously route communications between at least two 

30 other networks employing the same or a different 
common protocol, said multiple virtual router com- 
prising: 

a plurality of routing means for routing commu- 
35 nications between said at least two networks 

employing a common protocol; and, 
a plurality of interface means arranged to con- 
nect at least one of said routing means to said 
at least two networks. 

40 

12. A multiple virtual router as claimed in claim 11 fur- 
ther comprising: 

management means for configuring said plural- 
45 ity of routing means; 

wherein said management means is logically 
coupled to said plurality of routing means. 

13. A multiple virtual router as claimed in claim 12 
so wherein said management means is selectively 

configured to have a higher priority for communicat- 
ing than said plurality of routing means. 

55 
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